History: Jun 20, 2024 - 12:36 p.m.

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

2024-06-20 12:36:18
SEC-VLab
www.cve.org
cve-2023-49112
insecure direct object reference
kiuwan sast
api endpoint
access control mechanisms

EPSS: 0.0004 Low

Percentile: 9.1%

Kiuwan provides an API endpoint, /saas/rest/v1/info/application, to get information about any application, providing only its name via the “application” parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "SAST",
    "vendor": "Kiuwan",
    "versions": [
      {
        "status": "affected",
        "version": "<master.1808.p685.q13371",
        "versionType": "custom"
      }
    ]
  }
]
